noexec on /dev/shm

Miloslav Trmač mitr at volny.cz
Tue Dec 14 18:35:34 UTC 2010


Jesse Keating wrote on Tue, 14 Dec 2010 at 09:47 -0800:
> On 12/14/10 9:22 AM, Miloslav Trmač wrote:
> > Bill Nottingham wrote on Tue, 14 Dec 2010 at 12:08 -0500:
> >>> The problem is not the technical solution. The problem is that changes to
> >>> such an important thing as /etc/fstab are decided without Fedora developers.
> >>
> >> Eh, what? It's a change to how API filesystems (/proc, /sys, etc.) get
> >> mounted. When this was done in rc.sysinit, every change to how it mounted
> >> /proc wasn't discussed on the devel list. When we switched to having dracut
> >> be the primary way that API filesystems are mounted, that wasn't put up
> >> to a FESCo vote.
> > The practical difference is that nothing broke at that time, whereas
> > systemd tends to break things that users use. (I won't buy dismissing it
> > as "mere bugs" - adding NOEXEC could hardly have been a typo.)
>
> Perhaps you missed the part where the bug was that the fs doesn't get 
> remounted with the perms from fstab as by design.  That's the bug.
So the design was to
1) change the setting in the C reimplementation
2) add a new facility that will revert the setting to its original value
?

Is it really surprising that I'd like more discussion of the systemd
design in advance?
	Mirek


